Malicious software was found inside CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. While only 5,000 people downloaded the impacted version of CCleaner Cloud, 2.27 million installed CCleaner 5.33.6162 in August.

Avast, which recently acquired CCleaner developer Piriform, released a virus-free version of the software last week. The Prague-based company said Tuesday that only 730,000 people are still using the infected version.

"For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner," said Cisco's cybersecurity division Talos. The malware could steal various types of data from devices, including IP addresses and details of network adapters and active software.

"The compromised version of CCleaner was released on August 15 and went undetected by any security company for four weeks, underscoring the sophistication of the attack," said Avast CEO Vince Steckler and EVP of Consumer Business Ondřej Vlček in a blog post.

The company says it's working with law enforcement to identify the perpetrators behind the attack.